Author: jerry Date: 2006-11-16 23:58:30 +0000 (Thu, 16 Nov 2006) New Revision: 19756
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19756 Log: Port server affinity fix from SAMBA_3_0: * When using a krb5 session setup, we don't fill in the server_name string the clis_state struct. So call saf_store() after we have the short domain name in the lsa_query_inof_policy code. * Remove unused server string in saf_delete() Modified: branches/SAMBA_3_0_24/source/libsmb/namequery.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_24/source/utils/net_ads.c branches/SAMBA_3_0_24/source/utils/net_domain.c Changeset: Modified: branches/SAMBA_3_0_24/source/libsmb/namequery.c =================================================================== --- branches/SAMBA_3_0_24/source/libsmb/namequery.c 2006-11-16 23:56:52 UTC (rev 19755) +++ branches/SAMBA_3_0_24/source/libsmb/namequery.c 2006-11-16 23:58:30 UTC (rev 19756) @@ -15,8 +15,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ #include "includes.h" @@ -24,7 +23,6 @@ /* nmbd.c sets this to True. */ BOOL global_in_nmbd = False; - /**************************** * SERVER AFFINITY ROUTINES * ****************************/ @@ -77,13 +75,13 @@ return ret; } -BOOL saf_delete( const char *domain, const char *servername ) +BOOL saf_delete( const char *domain ) { char *key; BOOL ret = False; - if ( !domain || !servername ) { - DEBUG(2,("saf_delete: Refusing to store empty domain or servername!\n")); + if ( !domain ) { + DEBUG(2,("saf_delete: Refusing to delete empty domain\n")); return False; } @@ -94,10 +92,11 @@ ret = gencache_del(key); if (ret) { - DEBUG(10,("saf_delete: domain = [%s], server = [%s]\n", - domain, servername)); + DEBUG(10,("saf_delete: domain = [%s]\n", domain )); } + SAFE_FREE( key ); + return ret; } Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c =================================================================== --- branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-11-16 23:56:52 UTC (rev 19755) +++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c 2006-11-16 23:58:30 UTC (rev 19756) @@ -258,10 +258,10 @@ add_failed_connection_entry(domain->name, server, result); /* If this was the saf name for the last thing we talked to, remove it. */ - saf_delete(domain->name, server); + saf_delete(domain->name); if (*domain->alt_name) { add_failed_connection_entry(domain->alt_name, server, result); - saf_delete(domain->alt_name, server); + saf_delete(domain->alt_name); } } Modified: branches/SAMBA_3_0_24/source/utils/net_ads.c =================================================================== --- branches/SAMBA_3_0_24/source/utils/net_ads.c 2006-11-16 23:56:52 UTC (rev 19755) +++ branches/SAMBA_3_0_24/source/utils/net_ads.c 2006-11-16 23:58:30 UTC (rev 19756) @@ -803,6 +803,7 @@ struct cli_state *cli = NULL; TALLOC_CTX *ctx; DOM_SID *dom_sid = NULL; + char *short_domain_name = NULL; if (!secrets_init()) { DEBUG(1,("Failed to initialise secrets database\n")); @@ -829,12 +830,14 @@ goto done; } - saf_store( cli->server_domain, cli->desthost ); - - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &dom_sid )) ) { + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, + &short_domain_name, &dom_sid )) ) + { goto done; } + saf_delete( short_domain_name ); + status = netdom_leave_domain(ctx, cli, dom_sid); /* Ty and delete it via LDAP - the old way we used to. */ @@ -940,7 +943,7 @@ ********************************************************************/ static int net_join_domain( TALLOC_CTX *ctx, const char *servername, - struct in_addr *ip, DOM_SID **dom_sid, const char *password ) + struct in_addr *ip, char **domain, DOM_SID **dom_sid, const char *password ) { int ret = -1; struct cli_state *cli = NULL; @@ -948,11 +951,11 @@ if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, ip, servername)) ) goto done; - saf_store( cli->server_domain, cli->desthost ); - - if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, dom_sid )) ) + if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, domain, dom_sid )) ) goto done; + saf_store( *domain, cli->desthost ); + if ( !NT_STATUS_IS_OK(netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD )) ) { @@ -1229,9 +1232,8 @@ ADS_STRUCT *ads = NULL; ADS_STATUS status; char *machine_account = NULL; - const char *short_domain_name = NULL; + char *short_domain_name = NULL; char *tmp_password, *password; - struct cldap_netlogon_reply cldap_reply; TALLOC_CTX *ctx; DOM_SID *domain_sid = NULL; BOOL createupn = False; @@ -1296,27 +1298,20 @@ tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); password = talloc_strdup(ctx, tmp_password); - if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) { + if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, + &short_domain_name, &domain_sid, password ) != 0 ) + { d_fprintf(stderr, "Failed to join domain!\n"); goto fail; } /* Check the short name of the domain */ - ZERO_STRUCT( cldap_reply ); - - if ( ads_cldap_netlogon( ads->config.ldap_server_name, - ads->server.realm, &cldap_reply ) ) - { - short_domain_name = talloc_strdup( ctx, cldap_reply.netbios_domain ); - if ( !strequal(lp_workgroup(), short_domain_name) ) { - d_printf("The workgroup in smb.conf does not match the short\n"); - d_printf("domain name obtained from the server.\n"); - d_printf("Using the name [%s] from the server.\n", short_domain_name); - d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); - } - } else { - short_domain_name = lp_workgroup(); + if ( !strequal(lp_workgroup(), short_domain_name) ) { + d_printf("The workgroup in smb.conf does not match the short\n"); + d_printf("domain name obtained from the server.\n"); + d_printf("Using the name [%s] from the server.\n", short_domain_name); + d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name); } d_printf("Using short domain name -- %s\n", short_domain_name); Modified: branches/SAMBA_3_0_24/source/utils/net_domain.c =================================================================== --- branches/SAMBA_3_0_24/source/utils/net_domain.c 2006-11-16 23:56:52 UTC (rev 19755) +++ branches/SAMBA_3_0_24/source/utils/net_domain.c 2006-11-16 23:58:30 UTC (rev 19756) @@ -157,12 +157,12 @@ /******************************************************************* ********************************************************************/ -NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, DOM_SID **sid ) +NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, + char **domain, DOM_SID **sid ) { struct rpc_pipe_client *pipe_hnd = NULL; POLICY_HND lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *domain = NULL; if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) { DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n", @@ -176,7 +176,7 @@ return status; status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, - &lsa_pol, 5, &domain, sid); + &lsa_pol, 5, domain, sid); if ( !NT_STATUS_IS_OK(status) ) return status;